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The University of Texas at Dallas' Center for Advanced Telecommunications 
Systems and Services (CATSS) was founded in January 1998 to satisfy the 
acute needs of the growing Dallas/Richardson telecommunications industry. 
Its mission is to foster a strong Industry-University partnership to advance 
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products. Composed of UTD faculty and industry researchers and 
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A fair exchange protocol allows two users to exchange items so that either 
each user gets the other's item or neither user does. In [2], verifiable 
encryption is introduced as a primitive that can be used to build extremely 
efficient fair exchange protocols where the items exchanged represent 
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The problem of password authentication over an insecure network when the 
user holds only a hunnan-memorizable password has received much 
attention in the literature. The first rigorous treatment was provided by 
Halevi and Krawczyk, who studied off-line password guessing attacks in the 
scenario in which the authentication server possesses a pair of private and 
public keys. In this work we: Show the inadequacy of both the HK 
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We study protocols for strong authentication and key exchange in 
asymnnetric scenarios where the authentication server possesses ~a pair of 
private and public keys while the client has only a weak human- 
memorizable password as its authentication key. We present and analyze 
several simple password authentication protocols in this scenario, and show 
that the security of these protocols can be formally proven based on 
standard cryptographic assumptions. Remarkably, our analysis shows 
optimal re ... 
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A new simple password exponential key exchange method (SPEKE) is 
described. It belongs to an exclusive class of methods which provide 
authentication and key establishment over an insecure channel using only a 
small password, without risk of offline dictionary attack. SPEKE and the 
closely-related Diffie-Hellman Encrypted Key Exchange (DH-EKE) are 
examined in light of both known and new attacks, along with sufficient 
preventive constraints. Although SPEKE and DH-EKE are similar, the 
constraints a ... 
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In their recent paper, "Encrypted Key Exchange: Password-based Protocols 
Secure Against Dictionary Attacks," Bellovin and Merritt propose a novel 
and elegant method for safeguarding weak passwords. This paper discusses 
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a possible weakness in the proposed protocol, develops some 
enhancements and simplifications, and provides a security analysis of the 
resultant minimal EKE protocol. In addition, the basic 2-party EKE model Is 
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Escrowed Key Cryptosystems hold the promise of faithfully realizing legal 
guarantees of privacy for users under normal circumstances while at the 
same time insuring that privacy can be breached by authorities in special 
circumstances under appropriate legal safeguards. The most attractive 
feature of these schemes is that it is possible to ensure that the interests of 
each of the parties— the users, the law enforcement or national security 
agencies, the court or other monitoring entitle ... 
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The authentication logic of Burrows, Abadi and Needham (BAN) provided an 
important step towards rigourous analysis of authentication protocols, and 
has motivated several subsequent refinements. We propose extensions to 
BAN-like logics which facilitate, for the first time, examination of public-key 
based authenticated key establishment protocols in which both parties 
contribute to the derived key (i.e. key agreement protocols). Attention is 
focussed on six distinct generic goals for authenti ... 
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The encrypted key exchange (EKE) protocol is augmented so that hosts do 
not store cleartext passwords. Consequently, adversaries who obtain the 
one-way encrypted password file may (i) successfully mimic (spoof) the 
host to the user, and (ii) mount dictionary attacks against the encrypted 
passwords, but cannot mimic the user to the host. Moreover, the important 
security properties of EKE are preserved— an active network attacker 
obtains insufficient information to mount dictionary attac ... 
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In [KSL92], Kehne et al. present a protocol (KSL) for key distribution. Their 
protocol aiiows for repeated auttientication by means of a ticket. They also 
give a proof in BAN logic [BAN89] that the protocol provides the principals 
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number of messages. Nonetheless, in [NS93] Neuman and Stubblebine 
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